Integrating Artificial Intelligence into Snort IDS
Snort is an open source network intrusion detection and prevention system (IDS/IPS) that uses a rule-driven language; its shortcoming is that it is unable to detect new attacks. This paper explores how to integrate Artificial Intelligence into Snort IDS/IPS, which enables the IDS/IPS to adapt to networks and detect anomalies. A learning algorithm such as an artificial neural network (ANN) is integrated into the preprocessors of Snort IDS. Artificial Intelligence thus alleviates some of the security professionals' workload, first by learning about a network and gauging reactions from a security professional to reduce false positives, and second by adapting to changes in the network to identify new attacks.